Essential System Administration Pocket Reference

The root Account

su	`su [-] [user] [-c "command"]`Run a command as another user (defaults to root). If no command is specified, a new shell is started. If the initial hyphen is included, then the user’s login environment is duplicated.
	Limiting access to su
	AIX:	Limited to groups listed in the `sugroups` attribute for root in /etc/security/user.
	FreeBSD:	Define the member list for group 0 as non-null.
	Linux:	Use the `pam_wheel` module in the `su` file.
	su log file
	AIX:	/var/adm/sulog	FreeBSD:	/var/log/messages
	HP-UX:	/var/adm/sulog	Linux:	/var/log/messages
	Solaris:	Specified in the `SULOG` setting in /etc/default/ su.

Limiting direct root logins to the console

AIX:	`chuser ttys="/dev/lft,/dev/tty0" rlogin=false root`
FreeBSD:	Omit `secure` from all entries in /etc/ttys except `console`.
HP-UX:	/etc/securetty lists devices where root is allowed to log in (omit “/dev/” from the names).
Linux:	Use the `pam_securetty` module.
Solaris:	/etc/default/login: `CONSOLE=/dev/console`

sudo†	`sudo [options]` `command`
Run the specified command using the `sudo` facility. After successfully entering his password, a user can use the `sudo` command without having to re-enter it for a grace period (defaults to 5 minutes).
	Options
	`-v`	Reset the grace period to its full length.
	`-K`	Terminate the grace period.
	`-u` `user`	Run the command as the specified user (rather than root).
	`-l`	List allowed commands for the current user ...

Get Essential System Administration Pocket Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.